SKIP LAB

Do EVERYTHING on BOTH computers:
   ----------    ----

Check that the time on both computers is very similar (date MMDDhhmm).

Install the software:

    pkgadd -d /sc300/skip-1.5.1
    skiplocal -i
    skiplocal -k      (type in 50-100 keystrokes at random)
    skiplocal -l
    skipif -a
    init 6
    skipif -s

Now you need to exchange keys between the two computers. The easiest
way is to use two windows, one for the local computer and the other
to rlogin to the second computer.

    skiplocal -x

Cut and paste the output of this command to the other computer.
Ensure the window is wide enough that part of the command is not
omitted. Do this twice, once for each computer, so that both register
the key for the other.

    skipif -s

In a third window, watch how snoop can decode the Ethernet packets
into IP datagrams and further identify the Rlogin and Telnet protocols
and display the cleartext data that you type.

    snoop -v remote-hostname

Turn skip on:

    remote: skiphost -o on
    local:  skiphost -o on

Notice that snoop now only identifies protocol 57 (skip) and is
unable to decrypt any data sent via Rlogin or Telnet.

Enable unencrypted IP datagrams with other computers in the classroom:

    skiphost -a default
    skipif -s

Experiment using rlogin or telnet to other computers, while watching
the traffic with snoop.

To turn off Skip do:

    remote: skiphost -o off
    local:  skiphost -o off
    remote: skipif -s
    local:  skipif -s

On both machines, remove Skip so other labs are not affected:

    skipif -d
    init 6


SKIP 1.5.1 COMMAND SUMMARY

To read the documentation, use Netscape to view
file:/sc300/skip-docs/index.html

skiplocal manages /etc/skip/localid

    skiplocal -i           initialize database
    skiplocal -l           list ids
    skiplocal -k           generate secret key
    skiplocal -x           emits an exportable command
    skiplocal -r -s        deletes ID from slot
    skiplocal -e -s        extract certificate to stdout
    skiplocal -P           assign password for encryption of locally
                           stored secrets

    skipd_restart after adding a local ID.

    skipif -l              list
    skipif -a              add skip to interface
    skipif -d              deletes skip from interface
    skipif -s              save acl (do after each change)
                           /etc/skip/acl.hme0

    skiphost               list state
    skiphost -h            statistics
    skiphost -a host       enable traffic in the clear (add to acl)
    skiphost -a default    enable traffic in the clear to unlisted hosts
    skiphost -i interface  interface (default hme0)
    skiphost -d host       delete host from acl
    skiphost -x host       exclude from acl
    skiphost -o on|off     enable or disable encryption
    skiphost -P            print acl (shell script format)
    skiphost -V            print acl (readable format)
    skiphost -f            flush and disable
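
The snoop observation in the lab (cleartext Rlogin/Telnet before, only protocol 57 after) can be turned into a pass/fail check. This is an added example, not part of the original handout: it classifies raw IPv4 datagrams by protocol number and reports any cleartext Telnet (TCP 23) or Rlogin (TCP 513) still exchanged with the SKIP peer. All function names are hypothetical, and the addresses and packets are constructed samples.

```python
import struct

IPPROTO_TCP = 6
IPPROTO_SKIP = 57                      # the protocol number snoop shows once SKIP is on
CLEARTEXT_PORTS = {23: "telnet", 513: "rlogin"}

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 datagram as 'skip', 'cleartext:<service>' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"                 # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4       # header length in bytes (IP options allowed)
    if ihl < 20 or len(packet) < ihl:
        return "other"
    proto = packet[9]
    if proto == IPPROTO_SKIP:
        return "skip"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto == IPPROTO_TCP and frag_offset == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        for port in (dport, sport):
            if port in CLEARTEXT_PORTS:
                return "cleartext:" + CLEARTEXT_PORTS[port]
    return "other"

def leaks(packets, peer: bytes):
    """Cleartext Telnet/Rlogin packets sent to or from peer (a 4-byte address)."""
    found = []
    for p in packets:
        kind = classify(p)
        if kind.startswith("cleartext") and peer in (p[12:16], p[16:20]):
            found.append(kind)
    return found

def ipv4(proto, src, dst, payload=b""):
    """Constructed 20-byte IPv4 header (checksum left as 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def tcp(sport, dport):
    """Constructed 20-byte TCP header; only the ports matter to classify()."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)

# Constructed sample traffic (documentation addresses, placeholder SKIP payload).
LOCAL, REMOTE, OTHER = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]), bytes([192, 0, 2, 9])
BEFORE = [ipv4(6, LOCAL, REMOTE, tcp(1023, 513) + b"ls\n"),   # rlogin to the peer
          ipv4(6, REMOTE, LOCAL, tcp(23, 40000))]             # telnet reply from the peer
AFTER = [ipv4(57, LOCAL, REMOTE, b"\x00" * 40),               # peer traffic, now protocol 57
         ipv4(6, LOCAL, OTHER, tcp(40001, 23))]               # unlisted host, still in the clear
```

The last packet in AFTER is classified as cleartext but is not reported as a leak, which matches the lab's `skiphost -a default` step: traffic to other classroom hosts stays unencrypted by design.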